Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2019-10163
Analyzed
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-30 Jul, 2019 | 23:15
Updated At-03 Feb, 2023 | 14:27

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary3.03.5LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Primary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Type: Primary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CPE Matches
powerdns
powerdns
>>authoritative>>Versions from 4.0.0(inclusive) to 4.0.8(exclusive)
cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
powerdns
powerdns
>>authoritative>>Versions from 4.1.0(inclusive) to 4.1.9(exclusive)
cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
powerdns
powerdns
>>authoritative>>4.1.0
cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*
openSUSE
opensuse
>>backports>>sle-15
cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*
openSUSE
opensuse
>>backports>>sle-15
cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE-770Secondarysecalert@redhat.com
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-770
Type: Secondary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163secalert@redhat.com
Issue Tracking
Patch
Third Party Advisory
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.htmlsecalert@redhat.com
Vendor Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10163
Source: secalert@redhat.com
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found